Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update infra-public-wafs #1821

Merged
merged 2 commits into from
Feb 29, 2024
Merged

Update infra-public-wafs #1821

merged 2 commits into from
Feb 29, 2024

Conversation

robinjam
Copy link
Contributor

@robinjam robinjam commented Feb 29, 2024
edited
Loading

Unblocks Trello card

Removes leftover ACL associations and AWS Shield protections for some LBs that have been deleted, and removes the now-unused licensify_backend_public_waf and licensify_frontend_public_waf ACLs.

Terraform plans

Integration 
Terraform will perform the following actions:

  # aws_cloudwatch_log_group.licensify_backend_public_waf will be destroyed
  # (because aws_cloudwatch_log_group.licensify_backend_public_waf is not in configuration)
  - resource "aws_cloudwatch_log_group" "licensify_backend_public_waf" {
      - arn               = "arn:aws:logs:eu-west-1:210287912431:log-group:aws-waf-logs-licensify-backend-public-integration" -> null
      - id                = "aws-waf-logs-licensify-backend-public-integration" -> null
      - log_group_class   = "STANDARD" -> null
      - name              = "aws-waf-logs-licensify-backend-public-integration" -> null
      - retention_in_days = 30 -> null
      - skip_destroy      = false -> null
      - tags              = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
      - tags_all          = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
    }

  # aws_cloudwatch_log_group.licensify_frontend_public_waf will be destroyed
  # (because aws_cloudwatch_log_group.licensify_frontend_public_waf is not in configuration)
  - resource "aws_cloudwatch_log_group" "licensify_frontend_public_waf" {
      - arn               = "arn:aws:logs:eu-west-1:210287912431:log-group:aws-waf-logs-licensify-frontend-public-integration" -> null
      - id                = "aws-waf-logs-licensify-frontend-public-integration" -> null
      - log_group_class   = "STANDARD" -> null
      - name              = "aws-waf-logs-licensify-frontend-public-integration" -> null
      - retention_in_days = 30 -> null
      - skip_destroy      = false -> null
      - tags              = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
      - tags_all          = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
    }

  # aws_shield_protection.deploy_public_lb will be destroyed
  # (because aws_shield_protection.deploy_public_lb is not in configuration)
  - resource "aws_shield_protection" "deploy_public_lb" {
      - arn          = "arn:aws:shield::210287912431:protection/5f0cf310-2cb9-480b-81bb-dbe112a0074c" -> null
      - id           = "5f0cf310-2cb9-480b-81bb-dbe112a0074c" -> null
      - name         = "govuk-deploy-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:210287912431:loadbalancer/app/govuk-deploy-public/a9c756b1e17e8ceb" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.graphite_public_lb will be destroyed
  # (because aws_shield_protection.graphite_public_lb is not in configuration)
  - resource "aws_shield_protection" "graphite_public_lb" {
      - arn          = "arn:aws:shield::210287912431:protection/418715e7-1b82-4502-9ef3-8067f834d857" -> null
      - id           = "418715e7-1b82-4502-9ef3-8067f834d857" -> null
      - name         = "govuk-graphite-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:210287912431:loadbalancer/app/govuk-graphite-public/590597396e479a0b" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.licensify_backend_public_lb will be destroyed
  # (because aws_shield_protection.licensify_backend_public_lb is not in configuration)
  - resource "aws_shield_protection" "licensify_backend_public_lb" {
      - arn          = "arn:aws:shield::210287912431:protection/07a5e2f4-a7e4-4582-9f04-9623adf96f3c" -> null
      - id           = "07a5e2f4-a7e4-4582-9f04-9623adf96f3c" -> null
      - name         = "govuk-licensify-backend-public_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:210287912431:loadbalancer/app/licensify-backend-public/622b8c037c5134f4" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.licensify_frontend_public_lb will be destroyed
  # (because aws_shield_protection.licensify_frontend_public_lb is not in configuration)
  - resource "aws_shield_protection" "licensify_frontend_public_lb" {
      - arn          = "arn:aws:shield::210287912431:protection/331920ec-ea83-4a38-a4ee-e6517c7f93ef" -> null
      - id           = "331920ec-ea83-4a38-a4ee-e6517c7f93ef" -> null
      - name         = "govuk-licensify-frontend-public_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:210287912431:loadbalancer/app/govuk-licensify-frontend-public/2dedad09a1c88731" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.monitoring_public_lb will be destroyed
  # (because aws_shield_protection.monitoring_public_lb is not in configuration)
  - resource "aws_shield_protection" "monitoring_public_lb" {
      - arn          = "arn:aws:shield::210287912431:protection/1543eadc-2e69-44d3-a786-a7f0144af8b8" -> null
      - id           = "1543eadc-2e69-44d3-a786-a7f0144af8b8" -> null
      - name         = "govuk-monitoring-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:210287912431:loadbalancer/app/govuk-monitoring-public/c19bb186ec9c101f" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.prometheus_public_lb will be destroyed
  # (because aws_shield_protection.prometheus_public_lb is not in configuration)
  - resource "aws_shield_protection" "prometheus_public_lb" {
      - arn          = "arn:aws:shield::210287912431:protection/0c5f4190-0f7d-41a4-896f-fd445bcd834b" -> null
      - id           = "0c5f4190-0f7d-41a4-896f-fd445bcd834b" -> null
      - name         = "govuk-prometheus-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:210287912431:loadbalancer/app/govuk-prometheus-public/98d773dc079d405b" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_wafv2_web_acl.licensify_backend_public will be destroyed
  # (because aws_wafv2_web_acl.licensify_backend_public is not in configuration)
  - resource "aws_wafv2_web_acl" "licensify_backend_public" {
      - arn           = "arn:aws:wafv2:eu-west-1:210287912431:regional/webacl/licensify_backend_public_web_acl/99f1c636-9574-457c-b8e4-528555061382" -> null
      - capacity      = 55 -> null
      - id            = "99f1c636-9574-457c-b8e4-528555061382" -> null
      - lock_token    = "a310b48b-e3e0-4efa-8aa6-4676751cfd46" -> null
      - name          = "licensify_backend_public_web_acl" -> null
      - scope         = "REGIONAL" -> null
      - tags          = {} -> null
      - tags_all      = {} -> null
      - token_domains = [] -> null

      - custom_response_body {
          - content      = <<-EOT
                <!DOCTYPE html>
                      <html>
                        <head>
                          <title>Welcome to GOV.UK</title>
                          <style>
                            body { font-family: Arial, sans-serif; margin: 0; }
                            header { background: black; }
                            h1 { color: white; font-size: 29px; margin: 0 auto; padding: 10px; max-width: 990px; }
                            p { color: black; margin: 30px auto; max-width: 990px; }
                          </style>
                        </head>
                        <body>
                          <header><h1>GOV.UK</h1></header>
                          <p>Sorry, there have been too many attempts to access this page.</p>
                          <p>Try again in a few minutes.</p>
                        </body>
                      </html>
            EOT -> null
          - content_type = "TEXT_HTML" -> null
          - key          = "backend-public-rule-429" -> null
        }

      - default_action {
          - allow {
            }
        }

      - rule {
          - name     = "allow-govuk-infra" -> null
          - priority = 2 -> null

          - action {
              - allow {
                }
            }

          - statement {
              - ip_set_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:210287912431:regional/ipset/govuk_requesting_ips/4b6370ec-5dcd-4a79-ab56-08cce11c50e3" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "govuk-infra-backend-requests" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-backend-public-base-rate-limit" -> null
          - priority = 10 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 2000 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-backend-public-base-rate-limit" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-backend-public-base-rate-warning" -> null
          - priority = 9 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 1000 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-backend-public-base-rate-warning" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "x-always-block_web_acl_rule" -> null
          - priority = 1 -> null

          - override_action {
              - none {}
            }

          - statement {
              - rule_group_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:210287912431:regional/rulegroup/x-always-block_rule_group/611feb42-0748-40bb-bcc0-55a184314006" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "x-always-block-rule-group" -> null
              - sampled_requests_enabled   = true -> null
            }
        }

      - visibility_config {
          - cloudwatch_metrics_enabled = true -> null
          - metric_name                = "licensify-backend-public-web-acl" -> null
          - sampled_requests_enabled   = true -> null
        }
    }

  # aws_wafv2_web_acl.licensify_frontend_public will be destroyed
  # (because aws_wafv2_web_acl.licensify_frontend_public is not in configuration)
  - resource "aws_wafv2_web_acl" "licensify_frontend_public" {
      - arn           = "arn:aws:wafv2:eu-west-1:210287912431:regional/webacl/licensify_frontend_public_web_acl/d27503e3-1db4-4878-82f1-5c67b2eb0787" -> null
      - capacity      = 55 -> null
      - id            = "d27503e3-1db4-4878-82f1-5c67b2eb0787" -> null
      - lock_token    = "f743efe2-feb7-4eec-81f9-a8aba4dda9a8" -> null
      - name          = "licensify_frontend_public_web_acl" -> null
      - scope         = "REGIONAL" -> null
      - tags          = {} -> null
      - tags_all      = {} -> null
      - token_domains = [] -> null

      - custom_response_body {
          - content      = <<-EOT
                <!DOCTYPE html>
                      <html>
                        <head>
                          <title>Welcome to GOV.UK</title>
                          <style>
                            body { font-family: Arial, sans-serif; margin: 0; }
                            header { background: black; }
                            h1 { color: white; font-size: 29px; margin: 0 auto; padding: 10px; max-width: 990px; }
                            p { color: black; margin: 30px auto; max-width: 990px; }
                          </style>
                        </head>
                        <body>
                          <header><h1>GOV.UK</h1></header>
                          <p>Sorry, there have been too many attempts to access this page.</p>
                          <p>Try again in a few minutes.</p>
                        </body>
                      </html>
            EOT -> null
          - content_type = "TEXT_HTML" -> null
          - key          = "frontend-public-rule-429" -> null
        }

      - default_action {
          - allow {
            }
        }

      - rule {
          - name     = "allow-govuk-infra" -> null
          - priority = 2 -> null

          - action {
              - allow {
                }
            }

          - statement {
              - ip_set_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:210287912431:regional/ipset/govuk_requesting_ips/4b6370ec-5dcd-4a79-ab56-08cce11c50e3" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "govuk-infra-frontend-requests" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-frontend-public-base-rate-limit" -> null
          - priority = 10 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 1000 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-frontend-public-base-rate-limit" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-frontend-public-base-rate-warning" -> null
          - priority = 9 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 500 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-frontend-public-base-rate-warning" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "x-always-block_web_acl_rule" -> null
          - priority = 1 -> null

          - override_action {
              - none {}
            }

          - statement {
              - rule_group_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:210287912431:regional/rulegroup/x-always-block_rule_group/611feb42-0748-40bb-bcc0-55a184314006" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "x-always-block-rule-group" -> null
              - sampled_requests_enabled   = true -> null
            }
        }

      - visibility_config {
          - cloudwatch_metrics_enabled = true -> null
          - metric_name                = "licensify-frontend-public-web-acl" -> null
          - sampled_requests_enabled   = true -> null
        }
    }

  # aws_wafv2_web_acl_logging_configuration.licensify_backend_public_waf will be destroyed
  # (because aws_wafv2_web_acl_logging_configuration.licensify_backend_public_waf is not in configuration)
  - resource "aws_wafv2_web_acl_logging_configuration" "licensify_backend_public_waf" {
      - id                      = "arn:aws:wafv2:eu-west-1:210287912431:regional/webacl/licensify_backend_public_web_acl/99f1c636-9574-457c-b8e4-528555061382" -> null
      - log_destination_configs = [
          - "arn:aws:logs:eu-west-1:210287912431:log-group:aws-waf-logs-licensify-backend-public-integration",
        ] -> null
      - resource_arn            = "arn:aws:wafv2:eu-west-1:210287912431:regional/webacl/licensify_backend_public_web_acl/99f1c636-9574-457c-b8e4-528555061382" -> null

      - logging_filter {
          - default_behavior = "DROP" -> null

          - filter {
              - behavior    = "KEEP" -> null
              - requirement = "MEETS_ANY" -> null

              - condition {
                  - action_condition {
                      - action = "BLOCK" -> null
                    }
                }
              - condition {
                  - action_condition {
                      - action = "COUNT" -> null
                    }
                }
            }
        }
    }

  # aws_wafv2_web_acl_logging_configuration.licensify_frontend_public_waf will be destroyed
  # (because aws_wafv2_web_acl_logging_configuration.licensify_frontend_public_waf is not in configuration)
  - resource "aws_wafv2_web_acl_logging_configuration" "licensify_frontend_public_waf" {
      - id                      = "arn:aws:wafv2:eu-west-1:210287912431:regional/webacl/licensify_frontend_public_web_acl/d27503e3-1db4-4878-82f1-5c67b2eb0787" -> null
      - log_destination_configs = [
          - "arn:aws:logs:eu-west-1:210287912431:log-group:aws-waf-logs-licensify-frontend-public-integration",
        ] -> null
      - resource_arn            = "arn:aws:wafv2:eu-west-1:210287912431:regional/webacl/licensify_frontend_public_web_acl/d27503e3-1db4-4878-82f1-5c67b2eb0787" -> null

      - logging_filter {
          - default_behavior = "DROP" -> null

          - filter {
              - behavior    = "KEEP" -> null
              - requirement = "MEETS_ANY" -> null

              - condition {
                  - action_condition {
                      - action = "BLOCK" -> null
                    }
                }
              - condition {
                  - action_condition {
                      - action = "COUNT" -> null
                    }
                }
            }
        }
    }

Plan: 0 to add, 0 to change, 12 to destroy.
Staging 
Terraform will perform the following actions:

  # aws_cloudwatch_log_group.licensify_backend_public_waf will be destroyed
  # (because aws_cloudwatch_log_group.licensify_backend_public_waf is not in configuration)
  - resource "aws_cloudwatch_log_group" "licensify_backend_public_waf" {
      - arn               = "arn:aws:logs:eu-west-1:696911096973:log-group:aws-waf-logs-licensify-backend-public-staging" -> null
      - id                = "aws-waf-logs-licensify-backend-public-staging" -> null
      - log_group_class   = "STANDARD" -> null
      - name              = "aws-waf-logs-licensify-backend-public-staging" -> null
      - retention_in_days = 30 -> null
      - skip_destroy      = false -> null
      - tags              = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
      - tags_all          = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
    }

  # aws_cloudwatch_log_group.licensify_frontend_public_waf will be destroyed
  # (because aws_cloudwatch_log_group.licensify_frontend_public_waf is not in configuration)
  - resource "aws_cloudwatch_log_group" "licensify_frontend_public_waf" {
      - arn               = "arn:aws:logs:eu-west-1:696911096973:log-group:aws-waf-logs-licensify-frontend-public-staging" -> null
      - id                = "aws-waf-logs-licensify-frontend-public-staging" -> null
      - log_group_class   = "STANDARD" -> null
      - name              = "aws-waf-logs-licensify-frontend-public-staging" -> null
      - retention_in_days = 30 -> null
      - skip_destroy      = false -> null
      - tags              = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
      - tags_all          = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
    }

  # aws_shield_protection.deploy_public_lb will be destroyed
  # (because aws_shield_protection.deploy_public_lb is not in configuration)
  - resource "aws_shield_protection" "deploy_public_lb" {
      - arn          = "arn:aws:shield::696911096973:protection/ad31f617-f5b9-40c9-a988-143de494fb2d" -> null
      - id           = "ad31f617-f5b9-40c9-a988-143de494fb2d" -> null
      - name         = "govuk-deploy-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:696911096973:loadbalancer/app/govuk-deploy-public/b02a9414f77e0a62" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.graphite_public_lb will be destroyed
  # (because aws_shield_protection.graphite_public_lb is not in configuration)
  - resource "aws_shield_protection" "graphite_public_lb" {
      - arn          = "arn:aws:shield::696911096973:protection/2fa5a569-cdb9-4df6-abe7-7a235bb45b89" -> null
      - id           = "2fa5a569-cdb9-4df6-abe7-7a235bb45b89" -> null
      - name         = "govuk-graphite-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:696911096973:loadbalancer/app/govuk-graphite-public/40f0c456b9c6c125" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.licensify_backend_public_lb will be destroyed
  # (because aws_shield_protection.licensify_backend_public_lb is not in configuration)
  - resource "aws_shield_protection" "licensify_backend_public_lb" {
      - arn          = "arn:aws:shield::696911096973:protection/4f92ba75-711c-4096-8cdf-0c165d7ad83c" -> null
      - id           = "4f92ba75-711c-4096-8cdf-0c165d7ad83c" -> null
      - name         = "govuk-licensify-backend-public_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:696911096973:loadbalancer/app/licensify-backend-public/465eca7bf8a7cbcd" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.licensify_frontend_public_lb will be destroyed
  # (because aws_shield_protection.licensify_frontend_public_lb is not in configuration)
  - resource "aws_shield_protection" "licensify_frontend_public_lb" {
      - arn          = "arn:aws:shield::696911096973:protection/711bb95f-16f0-431b-807e-78f63d2e27aa" -> null
      - id           = "711bb95f-16f0-431b-807e-78f63d2e27aa" -> null
      - name         = "govuk-licensify-frontend-public_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:696911096973:loadbalancer/app/govuk-licensify-frontend-public/cd1873c590099466" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.monitoring_public_lb will be destroyed
  # (because aws_shield_protection.monitoring_public_lb is not in configuration)
  - resource "aws_shield_protection" "monitoring_public_lb" {
      - arn          = "arn:aws:shield::696911096973:protection/0f9f05f0-e8fc-4c0d-a4fd-52d9d8d2533e" -> null
      - id           = "0f9f05f0-e8fc-4c0d-a4fd-52d9d8d2533e" -> null
      - name         = "govuk-monitoring-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:696911096973:loadbalancer/app/govuk-monitoring-public/8dc903b0aedf636a" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_wafv2_web_acl.licensify_backend_public will be destroyed
  # (because aws_wafv2_web_acl.licensify_backend_public is not in configuration)
  - resource "aws_wafv2_web_acl" "licensify_backend_public" {
      - arn           = "arn:aws:wafv2:eu-west-1:696911096973:regional/webacl/licensify_backend_public_web_acl/10e31737-37c7-437c-9734-f030fb54f7d7" -> null
      - capacity      = 55 -> null
      - id            = "10e31737-37c7-437c-9734-f030fb54f7d7" -> null
      - lock_token    = "e98c5592-d53e-4bda-adf5-b12a19972626" -> null
      - name          = "licensify_backend_public_web_acl" -> null
      - scope         = "REGIONAL" -> null
      - tags          = {} -> null
      - tags_all      = {} -> null
      - token_domains = [] -> null

      - custom_response_body {
          - content      = <<-EOT
                <!DOCTYPE html>
                      <html>
                        <head>
                          <title>Welcome to GOV.UK</title>
                          <style>
                            body { font-family: Arial, sans-serif; margin: 0; }
                            header { background: black; }
                            h1 { color: white; font-size: 29px; margin: 0 auto; padding: 10px; max-width: 990px; }
                            p { color: black; margin: 30px auto; max-width: 990px; }
                          </style>
                        </head>
                        <body>
                          <header><h1>GOV.UK</h1></header>
                          <p>Sorry, there have been too many attempts to access this page.</p>
                          <p>Try again in a few minutes.</p>
                        </body>
                      </html>
            EOT -> null
          - content_type = "TEXT_HTML" -> null
          - key          = "backend-public-rule-429" -> null
        }

      - default_action {
          - allow {
            }
        }

      - rule {
          - name     = "allow-govuk-infra" -> null
          - priority = 2 -> null

          - action {
              - allow {
                }
            }

          - statement {
              - ip_set_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:696911096973:regional/ipset/govuk_requesting_ips/346f9c98-cf75-44ed-a867-a51d406af1f5" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "govuk-infra-backend-requests" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-backend-public-base-rate-limit" -> null
          - priority = 10 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 2000 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-backend-public-base-rate-limit" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-backend-public-base-rate-warning" -> null
          - priority = 9 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 1000 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-backend-public-base-rate-warning" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "x-always-block_web_acl_rule" -> null
          - priority = 1 -> null

          - override_action {
              - none {}
            }

          - statement {
              - rule_group_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:696911096973:regional/rulegroup/x-always-block_rule_group/da760179-e12b-41b9-9680-c2321b5270b9" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "x-always-block-rule-group" -> null
              - sampled_requests_enabled   = true -> null
            }
        }

      - visibility_config {
          - cloudwatch_metrics_enabled = true -> null
          - metric_name                = "licensify-backend-public-web-acl" -> null
          - sampled_requests_enabled   = true -> null
        }
    }

  # aws_wafv2_web_acl.licensify_frontend_public will be destroyed
  # (because aws_wafv2_web_acl.licensify_frontend_public is not in configuration)
  - resource "aws_wafv2_web_acl" "licensify_frontend_public" {
      - arn           = "arn:aws:wafv2:eu-west-1:696911096973:regional/webacl/licensify_frontend_public_web_acl/e9a20daa-e8ab-4fc7-a31c-6a68f63ab446" -> null
      - capacity      = 55 -> null
      - id            = "e9a20daa-e8ab-4fc7-a31c-6a68f63ab446" -> null
      - lock_token    = "0ebbf461-b86c-4ff1-95e6-6dc058005c46" -> null
      - name          = "licensify_frontend_public_web_acl" -> null
      - scope         = "REGIONAL" -> null
      - tags          = {} -> null
      - tags_all      = {} -> null
      - token_domains = [] -> null

      - custom_response_body {
          - content      = <<-EOT
                <!DOCTYPE html>
                      <html>
                        <head>
                          <title>Welcome to GOV.UK</title>
                          <style>
                            body { font-family: Arial, sans-serif; margin: 0; }
                            header { background: black; }
                            h1 { color: white; font-size: 29px; margin: 0 auto; padding: 10px; max-width: 990px; }
                            p { color: black; margin: 30px auto; max-width: 990px; }
                          </style>
                        </head>
                        <body>
                          <header><h1>GOV.UK</h1></header>
                          <p>Sorry, there have been too many attempts to access this page.</p>
                          <p>Try again in a few minutes.</p>
                        </body>
                      </html>
            EOT -> null
          - content_type = "TEXT_HTML" -> null
          - key          = "frontend-public-rule-429" -> null
        }

      - default_action {
          - allow {
            }
        }

      - rule {
          - name     = "allow-govuk-infra" -> null
          - priority = 2 -> null

          - action {
              - allow {
                }
            }

          - statement {
              - ip_set_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:696911096973:regional/ipset/govuk_requesting_ips/346f9c98-cf75-44ed-a867-a51d406af1f5" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "govuk-infra-frontend-requests" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-frontend-public-base-rate-limit" -> null
          - priority = 10 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 1000 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-frontend-public-base-rate-limit" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-frontend-public-base-rate-warning" -> null
          - priority = 9 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 500 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-frontend-public-base-rate-warning" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "x-always-block_web_acl_rule" -> null
          - priority = 1 -> null

          - override_action {
              - none {}
            }

          - statement {
              - rule_group_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:696911096973:regional/rulegroup/x-always-block_rule_group/da760179-e12b-41b9-9680-c2321b5270b9" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "x-always-block-rule-group" -> null
              - sampled_requests_enabled   = true -> null
            }
        }

      - visibility_config {
          - cloudwatch_metrics_enabled = true -> null
          - metric_name                = "licensify-frontend-public-web-acl" -> null
          - sampled_requests_enabled   = true -> null
        }
    }

  # aws_wafv2_web_acl_logging_configuration.licensify_backend_public_waf will be destroyed
  # (because aws_wafv2_web_acl_logging_configuration.licensify_backend_public_waf is not in configuration)
  - resource "aws_wafv2_web_acl_logging_configuration" "licensify_backend_public_waf" {
      - id                      = "arn:aws:wafv2:eu-west-1:696911096973:regional/webacl/licensify_backend_public_web_acl/10e31737-37c7-437c-9734-f030fb54f7d7" -> null
      - log_destination_configs = [
          - "arn:aws:logs:eu-west-1:696911096973:log-group:aws-waf-logs-licensify-backend-public-staging",
        ] -> null
      - resource_arn            = "arn:aws:wafv2:eu-west-1:696911096973:regional/webacl/licensify_backend_public_web_acl/10e31737-37c7-437c-9734-f030fb54f7d7" -> null

      - logging_filter {
          - default_behavior = "DROP" -> null

          - filter {
              - behavior    = "KEEP" -> null
              - requirement = "MEETS_ANY" -> null

              - condition {
                  - action_condition {
                      - action = "BLOCK" -> null
                    }
                }
              - condition {
                  - action_condition {
                      - action = "COUNT" -> null
                    }
                }
            }
        }
    }

  # aws_wafv2_web_acl_logging_configuration.licensify_frontend_public_waf will be destroyed
  # (because aws_wafv2_web_acl_logging_configuration.licensify_frontend_public_waf is not in configuration)
  - resource "aws_wafv2_web_acl_logging_configuration" "licensify_frontend_public_waf" {
      - id                      = "arn:aws:wafv2:eu-west-1:696911096973:regional/webacl/licensify_frontend_public_web_acl/e9a20daa-e8ab-4fc7-a31c-6a68f63ab446" -> null
      - log_destination_configs = [
          - "arn:aws:logs:eu-west-1:696911096973:log-group:aws-waf-logs-licensify-frontend-public-staging",
        ] -> null
      - resource_arn            = "arn:aws:wafv2:eu-west-1:696911096973:regional/webacl/licensify_frontend_public_web_acl/e9a20daa-e8ab-4fc7-a31c-6a68f63ab446" -> null

      - logging_filter {
          - default_behavior = "DROP" -> null

          - filter {
              - behavior    = "KEEP" -> null
              - requirement = "MEETS_ANY" -> null

              - condition {
                  - action_condition {
                      - action = "BLOCK" -> null
                    }
                }
              - condition {
                  - action_condition {
                      - action = "COUNT" -> null
                    }
                }
            }
        }
    }

Plan: 0 to add, 0 to change, 11 to destroy.
Production 
Terraform will perform the following actions:

  # aws_cloudwatch_log_group.licensify_backend_public_waf will be destroyed
  # (because aws_cloudwatch_log_group.licensify_backend_public_waf is not in configuration)
  - resource "aws_cloudwatch_log_group" "licensify_backend_public_waf" {
      - arn               = "arn:aws:logs:eu-west-1:172025368201:log-group:aws-waf-logs-licensify-backend-public-production" -> null
      - id                = "aws-waf-logs-licensify-backend-public-production" -> null
      - log_group_class   = "STANDARD" -> null
      - name              = "aws-waf-logs-licensify-backend-public-production" -> null
      - retention_in_days = 30 -> null
      - skip_destroy      = false -> null
      - tags              = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
      - tags_all          = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
    }

  # aws_cloudwatch_log_group.licensify_frontend_public_waf will be destroyed
  # (because aws_cloudwatch_log_group.licensify_frontend_public_waf is not in configuration)
  - resource "aws_cloudwatch_log_group" "licensify_frontend_public_waf" {
      - arn               = "arn:aws:logs:eu-west-1:172025368201:log-group:aws-waf-logs-licensify-frontend-public-production" -> null
      - id                = "aws-waf-logs-licensify-frontend-public-production" -> null
      - log_group_class   = "STANDARD" -> null
      - name              = "aws-waf-logs-licensify-frontend-public-production" -> null
      - retention_in_days = 30 -> null
      - skip_destroy      = false -> null
      - tags              = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
      - tags_all          = {
          - "Project"       = "govuk"
          - "aws_stackname" = "govuk"
        } -> null
    }

  # aws_shield_protection.deploy_public_lb will be destroyed
  # (because aws_shield_protection.deploy_public_lb is not in configuration)
  - resource "aws_shield_protection" "deploy_public_lb" {
      - arn          = "arn:aws:shield::172025368201:protection/c88a31a8-61b3-4b8e-887d-8a0a15fc714c" -> null
      - id           = "c88a31a8-61b3-4b8e-887d-8a0a15fc714c" -> null
      - name         = "govuk-deploy-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:172025368201:loadbalancer/app/govuk-deploy-public/865887daba9b1375" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.graphite_public_lb will be destroyed
  # (because aws_shield_protection.graphite_public_lb is not in configuration)
  - resource "aws_shield_protection" "graphite_public_lb" {
      - arn          = "arn:aws:shield::172025368201:protection/dfb36387-8a5e-4822-826d-eee489de503d" -> null
      - id           = "dfb36387-8a5e-4822-826d-eee489de503d" -> null
      - name         = "govuk-graphite-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:172025368201:loadbalancer/app/govuk-graphite-public/0a21e4b98c5b1d8d" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.licensify_backend_public_lb will be destroyed
  # (because aws_shield_protection.licensify_backend_public_lb is not in configuration)
  - resource "aws_shield_protection" "licensify_backend_public_lb" {
      - arn          = "arn:aws:shield::172025368201:protection/ad5f8f41-66ad-4b90-b7b2-2ae789f02881" -> null
      - id           = "ad5f8f41-66ad-4b90-b7b2-2ae789f02881" -> null
      - name         = "govuk-licensify-backend-public_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:172025368201:loadbalancer/app/licensify-backend-public/7a5c0e9d1dd1902e" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.licensify_frontend_public_lb will be destroyed
  # (because aws_shield_protection.licensify_frontend_public_lb is not in configuration)
  - resource "aws_shield_protection" "licensify_frontend_public_lb" {
      - arn          = "arn:aws:shield::172025368201:protection/6fbc7fee-bc2e-4aae-9f51-ff9ad6c1e8b3" -> null
      - id           = "6fbc7fee-bc2e-4aae-9f51-ff9ad6c1e8b3" -> null
      - name         = "govuk-licensify-frontend-public_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:172025368201:loadbalancer/app/govuk-licensify-frontend-public/9b9c96d0634388d1" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_shield_protection.monitoring_public_lb will be destroyed
  # (because aws_shield_protection.monitoring_public_lb is not in configuration)
  - resource "aws_shield_protection" "monitoring_public_lb" {
      - arn          = "arn:aws:shield::172025368201:protection/e7ea1b34-aceb-4643-ba8b-cd6dd75c7274" -> null
      - id           = "e7ea1b34-aceb-4643-ba8b-cd6dd75c7274" -> null
      - name         = "govuk-monitoring-public-lb_shield" -> null
      - resource_arn = "arn:aws:elasticloadbalancing:eu-west-1:172025368201:loadbalancer/app/govuk-monitoring-public/fbc3c7ebc81d6ee1" -> null
      - tags         = {} -> null
      - tags_all     = {} -> null
    }

  # aws_wafv2_web_acl.licensify_backend_public will be destroyed
  # (because aws_wafv2_web_acl.licensify_backend_public is not in configuration)
  - resource "aws_wafv2_web_acl" "licensify_backend_public" {
      - arn           = "arn:aws:wafv2:eu-west-1:172025368201:regional/webacl/licensify_backend_public_web_acl/69766e97-8175-4fd0-a2a1-222de39fcc05" -> null
      - capacity      = 55 -> null
      - id            = "69766e97-8175-4fd0-a2a1-222de39fcc05" -> null
      - lock_token    = "7ce479dd-e165-4303-ae7e-ca77736d44e2" -> null
      - name          = "licensify_backend_public_web_acl" -> null
      - scope         = "REGIONAL" -> null
      - tags          = {} -> null
      - tags_all      = {} -> null
      - token_domains = [] -> null

      - custom_response_body {
          - content      = <<-EOT
                <!DOCTYPE html>
                      <html>
                        <head>
                          <title>Welcome to GOV.UK</title>
                          <style>
                            body { font-family: Arial, sans-serif; margin: 0; }
                            header { background: black; }
                            h1 { color: white; font-size: 29px; margin: 0 auto; padding: 10px; max-width: 990px; }
                            p { color: black; margin: 30px auto; max-width: 990px; }
                          </style>
                        </head>
                        <body>
                          <header><h1>GOV.UK</h1></header>
                          <p>Sorry, there have been too many attempts to access this page.</p>
                          <p>Try again in a few minutes.</p>
                        </body>
                      </html>
            EOT -> null
          - content_type = "TEXT_HTML" -> null
          - key          = "backend-public-rule-429" -> null
        }

      - default_action {
          - allow {
            }
        }

      - rule {
          - name     = "allow-govuk-infra" -> null
          - priority = 2 -> null

          - action {
              - allow {
                }
            }

          - statement {
              - ip_set_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:172025368201:regional/ipset/govuk_requesting_ips/7a2ca1ea-e0c7-48bb-a42c-82365117a2b2" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "govuk-infra-backend-requests" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-backend-public-base-rate-limit" -> null
          - priority = 10 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 4000 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-backend-public-base-rate-limit" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-backend-public-base-rate-warning" -> null
          - priority = 9 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 2000 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-backend-public-base-rate-warning" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "x-always-block_web_acl_rule" -> null
          - priority = 1 -> null

          - override_action {
              - none {}
            }

          - statement {
              - rule_group_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:172025368201:regional/rulegroup/x-always-block_rule_group/e52f39a5-c453-49a0-8e0a-de25b7bacc42" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "x-always-block-rule-group" -> null
              - sampled_requests_enabled   = true -> null
            }
        }

      - visibility_config {
          - cloudwatch_metrics_enabled = true -> null
          - metric_name                = "licensify-backend-public-web-acl" -> null
          - sampled_requests_enabled   = true -> null
        }
    }

  # aws_wafv2_web_acl.licensify_frontend_public will be destroyed
  # (because aws_wafv2_web_acl.licensify_frontend_public is not in configuration)
  - resource "aws_wafv2_web_acl" "licensify_frontend_public" {
      - arn           = "arn:aws:wafv2:eu-west-1:172025368201:regional/webacl/licensify_frontend_public_web_acl/2814d33b-b26e-46c0-918d-9145b7789116" -> null
      - capacity      = 55 -> null
      - id            = "2814d33b-b26e-46c0-918d-9145b7789116" -> null
      - lock_token    = "acc3a28b-3c61-448c-9677-e13d73595fae" -> null
      - name          = "licensify_frontend_public_web_acl" -> null
      - scope         = "REGIONAL" -> null
      - tags          = {} -> null
      - tags_all      = {} -> null
      - token_domains = [] -> null

      - custom_response_body {
          - content      = <<-EOT
                <!DOCTYPE html>
                      <html>
                        <head>
                          <title>Welcome to GOV.UK</title>
                          <style>
                            body { font-family: Arial, sans-serif; margin: 0; }
                            header { background: black; }
                            h1 { color: white; font-size: 29px; margin: 0 auto; padding: 10px; max-width: 990px; }
                            p { color: black; margin: 30px auto; max-width: 990px; }
                          </style>
                        </head>
                        <body>
                          <header><h1>GOV.UK</h1></header>
                          <p>Sorry, there have been too many attempts to access this page.</p>
                          <p>Try again in a few minutes.</p>
                        </body>
                      </html>
            EOT -> null
          - content_type = "TEXT_HTML" -> null
          - key          = "frontend-public-rule-429" -> null
        }

      - default_action {
          - allow {
            }
        }

      - rule {
          - name     = "allow-govuk-infra" -> null
          - priority = 2 -> null

          - action {
              - allow {
                }
            }

          - statement {
              - ip_set_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:172025368201:regional/ipset/govuk_requesting_ips/7a2ca1ea-e0c7-48bb-a42c-82365117a2b2" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "govuk-infra-frontend-requests" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-frontend-public-base-rate-limit" -> null
          - priority = 10 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 1000 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-frontend-public-base-rate-limit" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "licensify-frontend-public-base-rate-warning" -> null
          - priority = 9 -> null

          - action {
              - count {
                }
            }

          - statement {
              - rate_based_statement {
                  - aggregate_key_type = "IP" -> null
                  - limit              = 500 -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "licensify-frontend-public-base-rate-warning" -> null
              - sampled_requests_enabled   = true -> null
            }
        }
      - rule {
          - name     = "x-always-block_web_acl_rule" -> null
          - priority = 1 -> null

          - override_action {
              - none {}
            }

          - statement {
              - rule_group_reference_statement {
                  - arn = "arn:aws:wafv2:eu-west-1:172025368201:regional/rulegroup/x-always-block_rule_group/e52f39a5-c453-49a0-8e0a-de25b7bacc42" -> null
                }
            }

          - visibility_config {
              - cloudwatch_metrics_enabled = true -> null
              - metric_name                = "x-always-block-rule-group" -> null
              - sampled_requests_enabled   = true -> null
            }
        }

      - visibility_config {
          - cloudwatch_metrics_enabled = true -> null
          - metric_name                = "licensify-frontend-public-web-acl" -> null
          - sampled_requests_enabled   = true -> null
        }
    }

  # aws_wafv2_web_acl_logging_configuration.licensify_backend_public_waf will be destroyed
  # (because aws_wafv2_web_acl_logging_configuration.licensify_backend_public_waf is not in configuration)
  - resource "aws_wafv2_web_acl_logging_configuration" "licensify_backend_public_waf" {
      - id                      = "arn:aws:wafv2:eu-west-1:172025368201:regional/webacl/licensify_backend_public_web_acl/69766e97-8175-4fd0-a2a1-222de39fcc05" -> null
      - log_destination_configs = [
          - "arn:aws:logs:eu-west-1:172025368201:log-group:aws-waf-logs-licensify-backend-public-production",
        ] -> null
      - resource_arn            = "arn:aws:wafv2:eu-west-1:172025368201:regional/webacl/licensify_backend_public_web_acl/69766e97-8175-4fd0-a2a1-222de39fcc05" -> null

      - logging_filter {
          - default_behavior = "DROP" -> null

          - filter {
              - behavior    = "KEEP" -> null
              - requirement = "MEETS_ANY" -> null

              - condition {
                  - action_condition {
                      - action = "BLOCK" -> null
                    }
                }
              - condition {
                  - action_condition {
                      - action = "COUNT" -> null
                    }
                }
            }
        }
    }

  # aws_wafv2_web_acl_logging_configuration.licensify_frontend_public_waf will be destroyed
  # (because aws_wafv2_web_acl_logging_configuration.licensify_frontend_public_waf is not in configuration)
  - resource "aws_wafv2_web_acl_logging_configuration" "licensify_frontend_public_waf" {
      - id                      = "arn:aws:wafv2:eu-west-1:172025368201:regional/webacl/licensify_frontend_public_web_acl/2814d33b-b26e-46c0-918d-9145b7789116" -> null
      - log_destination_configs = [
          - "arn:aws:logs:eu-west-1:172025368201:log-group:aws-waf-logs-licensify-frontend-public-production",
        ] -> null
      - resource_arn            = "arn:aws:wafv2:eu-west-1:172025368201:regional/webacl/licensify_frontend_public_web_acl/2814d33b-b26e-46c0-918d-9145b7789116" -> null

      - logging_filter {
          - default_behavior = "DROP" -> null

          - filter {
              - behavior    = "KEEP" -> null
              - requirement = "MEETS_ANY" -> null

              - condition {
                  - action_condition {
                      - action = "BLOCK" -> null
                    }
                }
              - condition {
                  - action_condition {
                      - action = "COUNT" -> null
                    }
                }
            }
        }
    }

Plan: 0 to add, 0 to change, 11 to destroy.

@robinjam
Remove refs to deleted LBs in infra-public-wafs
1ffdbeb 
These LBs have already been deleted. The `aws_wafv2_web_acl_association`s are already gone, but the `aws_shield_protection`s are still present (and non-functional). Let's remove them all.
@robinjam
Remove licensify_*_public_web_acl
46bcbc4 
The LBs these ACLs were associated with have been deleted.
@robinjam robinjam force-pushed the update-infra-public-wafs branch from 22c33e4 to 46bcbc4 Compare February 29, 2024 11:32
sengi
sengi approved these changes Feb 29, 2024
View reviewed changes
Copy link
Contributor

@sengi sengi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

cc @samsimpson1

@robinjam robinjam merged commit 45040af into main Feb 29, 2024
2 checks passed
@robinjam robinjam deleted the update-infra-public-wafs branch February 29, 2024 12:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sengi sengi sengi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@robinjam @sengi